[ietf-dkim] Delegating responsibility: a make vs. buy design
decision
Dave Crocker
dhc at dcrocker.net
Fri Aug 18 10:31:50 PDT 2006
Wietse Venema wrote:
> In case (1), when the trusted signer-domain matches the author-domain,
> I might trust that the mail actually originates from the rfc822.from
> domain. In case (2), when the trusted signer-domain is not related
> to the author-domain, I might trust that mail was distributed by
> the mailing list that I subscribe to, or that it was processed by
> the malware removal service that I subscribe to. Thus, in (2) the
> author-domain (rfc822.from) is relatively unimportant compared to
> the signing-domain; even in (1) its importance is only secondary.
*very* nicely stated.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
More information about the ietf-dkim
mailing list